From b79738a9d78c80e277ad7afe800c151d81c7a5c1 Mon Sep 17 00:00:00 2001
From: "kaiwang@chromium.org"
Date: Thu, 10 May 2012 06:41:18 +0000
Subject: Revert 136250 - This is a copy of CL http://codereview.chromium.org/10307002/
I'll commit this and revert soon to get performance data.
TBR=kaiwang@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10382098
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@136251 0039d316-1c4b-4281-b951-d872f2087c98
---
 third_party/tcmalloc/chromium/src/tcmalloc.cc | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/third_party/tcmalloc/chromium/src/tcmalloc.cc b/third_party/tcmalloc/chromium/src/tcmalloc.cc
index f0e400f..a87a4df 100644
--- a/third_party/tcmalloc/chromium/src/tcmalloc.cc
+++ b/third_party/tcmalloc/chromium/src/tcmalloc.cc
@@ -178,13 +178,13 @@ using tcmalloc::StackTrace;
 using tcmalloc::Static;
 using tcmalloc::ThreadCache;
-// ---- Functions doing validation with an extra mark.
+// ---- Double free debug declarations
 static size_t ExcludeSpaceForMark(size_t size);
 static void AddRoomForMark(size_t* size);
 static void ExcludeMarkFromSize(size_t* new_size);
 static void MarkAllocatedRegion(void* ptr);
 static void ValidateAllocatedRegion(void* ptr, size_t cl);
-// ---- End validation functions.
+// ---- End Double free debug declarations
 DECLARE_int64(tcmalloc_sample_parameter);
 DECLARE_double(tcmalloc_release_rate);
@@ -1170,12 +1170,9 @@ inline void do_free_with_callback(void* ptr, void (*invalid_free_fn)(void*)) {
 Static::central_cache()[cl].InsertRange(ptr, ptr, 1);
 }
 } else {
- // Make sure ptr is inside the first page of the span.
- CHECK_CONDITION(span->start == p);
- // Make sure we are not freeing interior pointers, even in release build.
- CHECK_CONDITION(reinterpret_cast(ptr) % kPageSize == 0);
- SpinLockHolder h(Static::pageheap_lock());
+ ASSERT(reinterpret_cast(ptr) % kPageSize == 0);
+ ASSERT(span != NULL && span->start == p);
 if (span->sample) {
 StackTrace* st = reinterpret_cast(span->objects);
 tcmalloc::DLL_Remove(span);
@@ -1279,7 +1276,7 @@ inline void* do_realloc(void* old_ptr, size_t new_size) {
 void* do_memalign(size_t align, size_t size) {
 ASSERT((align & (align - 1)) == 0);
 ASSERT(align > 0);
- // Marked in CheckedMallocResult(), which is also inside SpanToMallocResult().
+ // Marked in CheckMallocResult(), which is also inside SpanToMallocResult().
 AddRoomForMark(&size);
 if (size + align < size) return NULL; // Overflow
@@ -1701,7 +1698,7 @@ extern "C" PERFTOOLS_DLL_DECL size_t tc_malloc_size(void* ptr) __THROW {
 #endif // TCMALLOC_USING_DEBUGALLOCATION
-// --- Validation implementation with an extra mark ----------------------------
+// ---Double free() debugging implementation -----------------------------------
 // We will put a mark at the extreme end of each allocation block. We make
 // sure that we always allocate enough "extra memory" that we can fit in the
 // mark, and still provide the requested usable region. If ever that mark is
@@ -1749,6 +1746,13 @@ static void DieFromDoubleFree() {
 *p += 1; // Segv.
 }
+static size_t DieFromBadFreePointer(const void* unused) {
+ char* p = NULL;
+ p += 2;
+ *p += 2; // Segv.
+ return 0;
+ }
 static void DieFromMemoryCorruption() {
 char* p = NULL;
 p += 3;
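Review bot: Both checks the new side keeps in do_free_with_callback are `ASSERT`s, which compile out of release builds, so a free() of an interior pointer into a large span, or of a pointer whose page is not the span's first page, is no longer rejected before the span is unlinked; the removed `CHECK_CONDITION` lines enforced exactly that in release. The commit message says this revert is temporary, but if it outlives the measurement, keep at least the cheap alignment test as `CHECK_CONDITION(reinterpret_cast<uintptr_t>(ptr) % kPageSize == 0);` (the template argument appears to have been stripped by rendering, not by the patch). Separately, `SpinLockHolder h(Static::pageheap_lock());` is present only on the removed side, and the hunk counts (12 old, 9 new) together with the diffstat's 14 insertions are consistent with only the two ASSERT lines being added, so unless the page-heap lock is now taken somewhere outside this hunk, `tcmalloc::DLL_Remove(span)` and what follows run unlocked — either restore the holder or add a one-line comment stating where the lock is held. The else branch and the function continue past the end of the hunk.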
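Review bot: `DieFromBadFreePointer` crashes by storing through a pointer two bytes past NULL, which is undefined behaviour rather than a guaranteed fault; an optimizer may treat that store as unreachable and drop it, leaving the function to fall through to `return 0`, a value the caller introduced later in this patch (GetMarkLocation) would then use as a real size. The sibling `DieFromDoubleFree` / `DieFromMemoryCorruption` use the same idiom, presumably so the faulting address identifies the failure in crash reports; keeping that while making the store non-elidable is a one-word change, `volatile char* p = NULL;`. A short comment on the new function saying the `size_t` return and the `unused` parameter exist only to match the `GetSizeWithCallback` callback type, and that the return is never meant to be reached, would also help the next reader.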
@@ -1789,7 +1793,7 @@ inline static size_t ExcludeSpaceForMark(size_t size) {
 }
 inline static MarkType* GetMarkLocation(void* ptr) {
- size_t class_size = GetSizeWithCallback(ptr, &InvalidGetAllocatedSize);
+ size_t class_size = GetSizeWithCallback(ptr, DieFromBadFreePointer);
 ASSERT(class_size % sizeof(kAllocationMarkMask) == 0);
 size_t last_index = (class_size / sizeof(kAllocationMarkMask)) - 1;
 return static_cast(ptr) + last_index;
-- cgit v1.1
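Review bot: `GetMarkLocation` still trusts whatever size comes back from the callback: `DieFromBadFreePointer` is declared to return `size_t` and returns 0, so if its intended crash is ever elided or the callback is later swapped for a non-fatal one, `class_size` is 0, the existing `ASSERT(class_size % sizeof(kAllocationMarkMask) == 0)` passes, `last_index` wraps to SIZE_MAX and the returned mark pointer sits one MarkType before `ptr` — an out-of-bounds location that callers then read or write. Tightening the existing assertion to `ASSERT(class_size != 0 && class_size % sizeof(kAllocationMarkMask) == 0);` closes that path in debug builds; if it must hold in release as well, `CHECK_CONDITION` is already used in this file. The function's closing brace is outside the hunk.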